-rw-r--r-- | doc/configuration_parameters.md | 1 | ||||
-rw-r--r-- | example/only_classification.conf | 2 | ||||
-rw-r--r-- | fuzz/fuzz_config.cpp | 5 | ||||
-rw-r--r-- | src/include/ndpi_private.h | 2 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/ssdp.c | 13 |
6 files changed, 20 insertions, 5 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
index bb39280fd..7cfe1cb24 100644
--- a/doc/configuration_parameters.md
+++ b/doc/configuration_parameters.md
@@ -67,6 +67,7 @@ List of the supported configuration options:
 | "stun" | "metadata.attribute.relayed_address" | enable | NULL | NULL | Enable/disable extraction of (xor-)relayed-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster |
 | "stun" | "metadata.attribute.peer_address" | enable | NULL | NULL | Enable/disable extraction of (xor-)peer-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster; however sub-classification capability might be negatively impacted |
 | "bittorrent" | "metadata.hash" | enable | NULL | NULL | Enable/disable extraction of hash metadata for Bittorrent flows. |
+| "ssdp" | "metadata" | enable | NULL | NULL | Enable/disable extraction of ALL metadata for SSDP flows. Note that, unlike all others protocols, for SSDP flows you can't enable/disable a specific metadata |
 | "dns" | "subclassification" | disable | NULL | NULL | Enable/disable sub-classification of DNS flows (via query/response domain name). |
 | "dns" | "process_response" | enable | NULL | NULL | Enable/disable processing of DNS responses. By default, DNS flows are fully classified after the first request/response pair (or after the first response, if the request is missing). If this parameter is disabled, the flows are fully classified after the first packet, i.e. usually after the first request; in that case, some flow risks are not checked and some metadata are not exported |
 | "http" | "process_response" | enable | NULL | NULL | Enable/disable processing of HTTP responses. By default, HTTP flows are usually fully classified after the first request/response pair. If this parameter is disabled, the flows are fully classified after the first request (or after the first response, if the request is missing); in that case, some flow risks are not checked and some metadata are not exported |
diff --git a/example/only_classification.conf b/example/only_classification.conf
index 6b6634a54..325517852 100644
--- a/example/only_classification.conf
+++ b/example/only_classification.conf
@@ -8,6 +8,8 @@
 --cfg=metadata.tcp_fingerprint,0
 #BITTORRENT
 --cfg=bittorrent,metadata.hash,0
+#SSDP
+--cfg=ssdp,metadata,0
 #TLS
 --cfg=tls,metadata.sha1_fingerprint,0 --cfg=tls,metadata.ja3s_fingerprint,0 --cfg=tls,metadata.ja4c_fingerprint,0 --cfg=tls,metadata.cert_server_names,0 --cfg=tls,metadata.cert_validity,0 --cfg=tls,metadata.cert_issuer,0 --cfg=tls,metadata.cert_subject,0 --cfg=tls,metadata.alpn_negotiated,0 --cfg=tls,metadata.versions_supported,0 --cfg=tls,metadata.cipher,0 --cfg=tls,metadata.browser,0
 #SIP
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
index 84e3a6573..1b7db3ca4 100644
--- a/fuzz/fuzz_config.cpp
+++ b/fuzz/fuzz_config.cpp
@@ -306,6 +306,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if(fuzzed_data.ConsumeBool()) {
 value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
 snprintf(cfg_value, sizeof(cfg_value), "%d", value);
+ ndpi_set_config(ndpi_info_mod, "ssdp", "metadata", cfg_value);
+ }
+ if(fuzzed_data.ConsumeBool()) {
+ value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
+ snprintf(cfg_value, sizeof(cfg_value), "%d", value);
 ndpi_set_config(ndpi_info_mod, "dns", "subclassification", cfg_value);
 }
 if(fuzzed_data.ConsumeBool()) {
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 007038023..afd2f48ac 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -304,6 +304,8 @@ struct ndpi_detection_module_config_struct {
 int bittorrent_hash_enabled;
+ int ssdp_metadata_enabled;
+
 int dns_subclassification_enabled;
 int dns_parse_response_enabled;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 1831b7ecf..86d9e02f1 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -11776,6 +11776,8 @@ static const struct cfg_param {
 { "bittorrent", "metadata.hash", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(bittorrent_hash_enabled), NULL },
+ { "ssdp", "metadata", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(ssdp_metadata_enabled), NULL },
+
 { "dns", "subclassification", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_subclassification_enabled), NULL },
 { "dns", "process_response", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_parse_response_enabled), NULL },
diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c
index bd9f857ba..9216bc97a 100644
--- a/src/lib/protocols/ssdp.c
+++ b/src/lib/protocols/ssdp.c
@@ -213,7 +213,8 @@ static void ssdp_parse_lines(struct ndpi_detection_module_struct
 static void ndpi_int_ssdp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
- ssdp_parse_lines(ndpi_struct, flow);
+ if(ndpi_struct->cfg.ssdp_metadata_enabled)
+ ssdp_parse_lines(ndpi_struct, flow);
 ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSDP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
 }
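Review bot: The new guard in `ndpi_int_ssdp_add_connection` is an unbraced `if` sitting directly above the unconditional `ndpi_set_detected_protocol(...)` call, so a later edit can easily pull the wrong statement under the condition or leave one outside it. Writing it as `if(ndpi_struct->cfg.ssdp_metadata_enabled) { ssdp_parse_lines(ndpi_struct, flow); }` matches the braced form this same commit uses in `ndpi_search_ssdp`. A short comment such as `/* metadata disabled: skip header-line parsing; classification below is unaffected */` would record the intent. The body of `ssdp_parse_lines` is outside this hunk, so if it does anything other than fill metadata, that work is now skipped too and should be confirmed as intended.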
@@ -228,10 +229,12 @@ static void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, s
 if (packet->payload_packet_len >= 19) {
 for (unsigned int i=0; i < sizeof(SSDP_METHODS)/sizeof(SSDP_METHODS[0]); i++) {
 if(memcmp(packet->payload, SSDP_METHODS[i].detection_line, strlen(SSDP_METHODS[i].detection_line)) == 0) {
- flow->protos.ssdp.method = ndpi_malloc(strlen(SSDP_METHODS[i].detection_line) + 1);
- if (flow->protos.ssdp.method) {
- memcpy(flow->protos.ssdp.method, SSDP_METHODS[i].method, strlen(SSDP_METHODS[i].method));
- flow->protos.ssdp.method[strlen(SSDP_METHODS[i].method)] = '\0';
+ if(ndpi_struct->cfg.ssdp_metadata_enabled) {
+ flow->protos.ssdp.method = ndpi_malloc(strlen(SSDP_METHODS[i].detection_line) + 1);
+ if (flow->protos.ssdp.method) {
+ memcpy(flow->protos.ssdp.method, SSDP_METHODS[i].method, strlen(SSDP_METHODS[i].method));
+ flow->protos.ssdp.method[strlen(SSDP_METHODS[i].method)] = '\0';
+ }
 }
 NDPI_LOG_INFO(ndpi_struct, "found ssdp\n");
 ndpi_int_ssdp_add_connection(ndpi_struct, flow); |
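Review bot: In the re-indented allocation inside `ndpi_search_ssdp`, the buffer is sized from `SSDP_METHODS[i].detection_line` while the copied bytes and the terminator index come from `SSDP_METHODS[i].method`, so the write stays in bounds only while every table entry's `method` is no longer than its `detection_line`. The `SSDP_METHODS` table is not visible in this hunk, so that invariant cannot be confirmed here. Tying the size to the string that is actually copied removes the dependency: `size_t mlen = strlen(SSDP_METHODS[i].method);`, `flow->protos.ssdp.method = ndpi_malloc(mlen + 1);`, `memcpy(flow->protos.ssdp.method, SSDP_METHODS[i].method, mlen + 1);`. The context-line `memcmp` similarly reads `strlen(detection_line)` bytes of packet payload behind a fixed `>= 19` length check, which is worth verifying against the longest table entry. The function body starts before and continues after this hunk.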